"""
Copyright (c) 2022 Huawei Technologies Co.,Ltd.

openGauss is licensed under Mulan PSL v2.
You can use this software according to the terms and conditions of the Mulan PSL v2.
You may obtain a copy of Mulan PSL v2 at:

          http://license.coscl.org.cn/MulanPSL2

THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
See the Mulan PSL v2 for more details.
"""
"""
Case Type   : 防篡改
Case Name   : 口令修改
Create At   : 2022/3/11
Owner       : @daiguatutu
Description :
    1.设置参数并重启数据库enableSeparationOfDuty=on
    gs_guc set -N all -I all -c enableSeparationOfDuty=on;
    gs_om -t restart
    设置参数password_reuse_time的值为0
    gs_guc reload -N all -I all -c "password_reuse_time = 0"
    2.创建新用户
    create user u_security_authen_password_0003 identified by 'test@123';
    3.新用户登录不加旧密码修改自身密码
    ALTER USER u_authen_password_0003 IDENTIFIED BY 'test@321';
    4.新用户登录使用错误的旧密码修改自身密码
    ALTER USER u_authen_password_0003 IDENTIFIED BY 'test@3214' REPLACE 'test';
    5.使用初始用户不加旧密码修改用户密码
    alter user u_authen_password_0003 identified by 'test@321';
    6.初始用户不加旧密码修改自身密码
    ALTER USER [初始用户] IDENTIFIED BY 'testdba@Mpp';
    7.初始用户加错误的旧密码修改自身密码
    ALTER USER [初始用户] IDENTIFIED BY 'test@3214' REPLACE 'test_234';
    8.清理环境
    ALTER USER [初始用户] IDENTIFIED BY '[初始用户原密码]';
    drop user u_security_authen_password_0003 cascade;
    gs_guc set -N all -I all -c enableSeparationOfDuty=off;
    gs_om -t restart
Expect      :
    1.成功
    2.成功
    3.失败
    4.失败
    5.成功
    6.成功
    7.成功
    8.清理环境成功
History     :
"""

import os
import unittest

from testcase.utils.Common import Common
from testcase.utils.CommonSH import CommonSH
from testcase.utils.Constant import Constant
from testcase.utils.Logger import Logger
from yat.test import Node
from yat.test import macro


class Security(unittest.TestCase):
    def setUp(self):
        self.log = Logger()
        self.log.info(f'-----{os.path.basename(__file__)} start-----')
        self.pri_sh = CommonSH('PrimaryDbUser')
        self.pri_node = Node('PrimaryDbUser')
        self.constant = Constant()
        self.common = Common()
        self.u_name = 'u_security_authen_account_0003'
        self.default_value1 = self.common.show_param('enableSeparationOfDuty')
        self.default_value2 = self.common.show_param('password_reuse_time')

    def test_security(self):
        text = '-----step1：设置参数并重启数据库enableSeparationOfDuty=on; ' \
               'expect:成功-----'
        self.log.info(text)
        mod_msg = self.pri_sh.execute_gsguc('set',
                                            self.constant.GSGUC_SUCCESS_MSG,
                                            'enableSeparationOfDuty=on')
        self.assertTrue(mod_msg, '执行失败:' + text)
        result = self.pri_sh.restart_db_cluster()
        self.assertTrue(result, '执行失败' + text)

        text = '-----设置参数password_reuse_time的值为0; expect:成功-----'
        self.log.info(text)
        mod_msg = self.pri_sh.execute_gsguc('reload',
                                            self.constant.GSGUC_SUCCESS_MSG,
                                            'password_reuse_time=0')
        self.assertTrue(mod_msg, '执行失败:' + text)

        text = '-----step2：创建普通用户 expect:成功-----'
        self.log.info(text)
        create_cmd = f"drop user if exists {self.u_name} cascade; " \
            f"create user {self.u_name} identified by " \
            f"'{macro.COMMON_PASSWD}';"
        msg = self.pri_sh.execut_db_sql(create_cmd)
        self.log.info(msg)
        self.assertIn(self.constant.DROP_ROLE_SUCCESS_MSG, msg,
                      '执行失败:' + text)
        self.assertIn(self.constant.CREATE_ROLE_SUCCESS_MSG, msg,
                      '执行失败:' + text)

        text = f'-----step3：新用户登录不加旧密码修改自身密码; expect:失败-----'
        self.log.info(text)
        sql = f"alter user {self.u_name} identified by " \
            f"'123{macro.COMMON_PASSWD}';"
        connect = f'-U {self.u_name} -W {macro.COMMON_PASSWD}'
        msg = self.pri_sh.execut_db_sql(sql, sql_type=connect)
        self.log.info(msg)
        self.assertIn("The old password can not be NULL, please input your "
                      "old password with 'replace' grammar",
                      msg, '执行失败:' + text)

        text = f'-----step4：新用户登录使用错误的旧密码修改自身密码; expect:失败-----'
        self.log.info(text)
        sql = f"alter user {self.u_name} identified by " \
            f"'123{macro.COMMON_PASSWD}' REPLACE '{macro.COMMON_PASSWD}4';"
        msg = self.pri_sh.execut_db_sql(sql, sql_type=connect)
        self.log.info(msg)
        self.assertIn('The old password is invalid', msg, '执行失败:' + text)

        text = f'-----step5：使用初始用户修改用户密码; expect:成功-----'
        self.log.info(text)
        sql = f"alter user {self.u_name} identified by " \
            f"'123{macro.COMMON_PASSWD}';"
        msg = self.pri_sh.execut_db_sql(sql)
        self.log.info(msg)
        self.assertIn(self.constant.ALTER_ROLE_SUCCESS_MSG,
                      msg, '执行失败:' + text)

        text = f'-----step6：使用初始用户修改自身密码; expect:成功-----'
        self.log.info(text)
        sql = f"alter user {self.pri_node.ssh_user} identified by " \
            f"'123{macro.COMMON_PASSWD}';"
        msg = self.pri_sh.execut_db_sql(sql)
        self.log.info(msg)
        self.assertIn(self.constant.ALTER_ROLE_SUCCESS_MSG,
                      msg, '执行失败:' + text)

        text = f'-----step7：初始用户加错误的旧密码修改自身密码; expect:成功-----'
        self.log.info(text)
        sql = f"alter user {self.pri_node.ssh_user} identified by " \
            f"'abc{macro.COMMON_PASSWD}' REPLACE '{macro.COMMON_PASSWD}';"
        msg = self.pri_sh.execut_db_sql(sql)
        self.log.info(msg)
        self.assertIn(self.constant.ALTER_ROLE_SUCCESS_MSG,
                      msg, '执行失败:' + text)

    def tearDown(self):
        self.log.info('-----step8：清理环境-----')
        text0 = f'-----恢复初始用户密码; expect:成功-----'
        self.log.info(text0)
        sql = f"alter user {self.pri_node.ssh_user} identified by " \
            f"'{macro.GAUSSDB_INIT_USER_PASSWD}';"
        msg = self.pri_sh.execut_db_sql(sql)
        self.log.info(msg)

        text1 = '-----删除用户 expect:成功-----'
        self.log.info(text1)
        drop_cmd = f"drop user if exists {self.u_name} cascade;"
        drop_msg = self.pri_sh.execut_db_sql(drop_cmd)
        self.log.info(drop_msg)

        text2 = '-----修改参数初始值并重启数据库 expect:成功-----'
        self.log.info(text2)
        mod_msg1 = self.pri_sh.execute_gsguc('set',
                                             self.constant.GSGUC_SUCCESS_MSG,
                                             f'enableSeparationOfDuty='
                                             f'{self.default_value1}')
        restart_res = self.pri_sh.restart_db_cluster()
        mod_msg2 = self.pri_sh.execute_gsguc('reload',
                                             self.constant.GSGUC_SUCCESS_MSG,
                                             f'password_reuse_time='
                                             f'{self.default_value2}')

        self.log.info('-----断言tearDown执行成功-----')
        self.assertIn(self.constant.ALTER_ROLE_SUCCESS_MSG,
                      msg, '执行失败:' + text0)
        self.assertIn(self.constant.DROP_ROLE_SUCCESS_MSG, drop_msg,
                      '执行失败:' + text1)
        self.assertTrue(mod_msg1, '执行失败:' + text2)
        self.assertTrue(restart_res, '执行失败:' + text2)
        self.assertTrue(mod_msg2, '执行失败:' + text2)
        self.log.info(f'-----{os.path.basename(__file__)} end-----')
